A secret key of an entity is generated at each key generating agency (center) by using divided identification information obtained by dividing identification information of the entity into a plurality of blocks and a hash value which consists of a plurality of bits and is set for each key generating agency (center). A plurality of bits of any order are selected for each key generating agency (center) from an original hash-value sequence consisting of a predetermined sequence of a plurality of bits so as to set the hash value for each key generating agency (center). When a new key generating agency (center) is added to a plurality of existing key generating agencies (centers), a hash value is set for the new key generating agency (center) without changing the hash values of the existing key generating agencies (centers).
|
2. A method of permitting a plurality of entities to mutually perform an encryption process for encrypting a plaintext as information to be transmitted into a ciphertext and a decryption process for decrypting the transmitted ciphertext into the original plaintext, the method comprising:
generating a secret key for a plurality of key generating agencies by dividing identification information of each entity into a plurality of blocks and setting a hash value which consists of a plurality of bits for each of the key generating agencies and sending the generated secret key to each entity; and
generating a common key for a plurality of entities for use in the encryption process and decryption process by using components corresponding to an entity to be communicated with, contained in its own secret keys sent from the key generating agencies, respectively,
wherein setting the hash value for each of the key generating agencies is provided by selecting a plurality of bits of any order for each of the key generating agencies from a predetermined sequence of a plurality of bits, and
wherein, when a new key generating agency is added to a plurality of existing key generating agencies, setting a hash value for the new key generating agency is provided by selecting a plurality of bits of any order from an original hash-value sequence consisting of a sequence of hash values set for the existing key generating agencies.
1. A cryptographic communication system which permits a plurality of entities to mutually perform an encryption process for encrypting a plaintext as information to be transmitted into a ciphertext and a decryption process for decrypting the transmitted ciphertext into the original plaintext, the system comprising:
a plurality of key generating agencies, each of which generates a secret key of each entity by using each of divided identification information obtained by dividing identification information of each entity into a plurality of blocks and a hash value which consists of a plurality of bits and is set for each of the key generating agencies and sends the generated secret key to each entity; and
a plurality of entities, each of which generates a common key for use in the encryption process and decryption process by using components corresponding to an entity to be communicated with, contained in its own secret keys sent from the key generating agencies, respectively,
wherein the hash value is set for each of the key generating agencies, by selecting a plurality of bits of any order for each of the key generating agencies from a predetermined sequence of a plurality of bits, and
wherein, when a new key generating agency is added to a plurality of existing key generating agencies, a hash value is set for the new key generating agency by selecting a plurality of bits of any order from an original hash-value sequence consisting of a sequence of hash values set for the existing key generating agencies.
|
The present invention relates to a secret key generating method for generating secret keys of an entity at a plurality of key generating agencies (centers), an encryption method for encrypting information so that parties other than the party concerned are prevented from knowing the content of the information, a cryptographic communication method and cryptographic communication system for performing cryptographic communication, and a memory product/data signal embodied in carrier wave for recording/transferring an operation program of this secret key generating method.
In the modern society, called a highly information-oriented society, based on a computer network, important business documents and image information are transmitted and communicated in a form of electronic information. Such electronic information cab be easily copied, so that it tends to be difficult to discriminate its copy and original from each other, thus bringing about an important issue of data integrity. In particular, it is indispensable for establishment of a highly information oriented society to implement such a computer network that meets the factors of “sharing of computer resources,” “multi-accessing,” and “globalization,” which however includes various factors contradicting the problem of data integrity among the parties concerned. In an attempt to eliminate those contradictions, encrypting technologies which have been mainly used in the past military and diplomatic fields in the human history are attracting world attention as an effective method for that purpose.
A cipher communication is defined as exchanging information in such a manner that no one other than the participants can understand the meaning of the information. In the field of the cipher communication, encryption is defined as converting an original text (plaintext) that can be understood by anyone into a text (ciphertext) that cannot be understood by the third party and decryption is defined as restoring a ciphertext into a plaintext, and cryptosystem is defined as the overall processes covering both encryption and decryption. The encrypting and decrypting processes use secret information called an encryption key and a decryption key, respectively. Since the secret decryption key is necessary in decryption, only those knowing this decryption key can decrypt ciphertexts, thus maintaining data security.
The encryption key and the decryption key may be either the same or different from each other. A cryptosystem using the same key is called a common-key cryptosystem, and DES (Data Encryption Standards) employed by the Standard Agency of the USA Commerce Ministry is a typical example. As an example of the cryptosystem using the keys different from each other, a cryptosystem called a public-key cryptosystem has been proposed. In the public-key cryptosystem, each user (entity) utilizing this cryptosystem generates a pair of encryption and decryption keys and publicizes the encryption key in a public key list, thereby keeping only the decryption key in secret. In this public-key cryptosystem, the paired encryption and decryption keys are different from each other, so that the public-key cryptosystem has a feature that the decryption key cannot be known from the encryption key with a one-way function.
The public-key cryptosystem is a breakthrough in cryptosystem which publicizes the encryption key and meets the above-mentioned three factors required for establishing highly information-oriented society, so that it has been studied actively for its application in the field of information communication technologies, thus leading RSA cryptosystem being proposed as a typical public-key cryptosystem. This RSA cryptosystem has been implemented by utilizing the difficulty of factorization into prime factors as the one-way function. Also, a variety of other public-key cryptosystems have been proposed that utilize the difficulty of solving discrete logarithm problems.
Besides, a cryptosystem has been proposed that utilizes ID (identity) information identifying individuals, such as post address and name of each entity. This cryptosystem generates an encryption/decryption key common to a sender and a receiver based on ID information. Besides, the following ID-information based cryptosystems are provided: (1) a technique which needs a preliminary communication between the sender and the receiver prior to a ciphertext communication and (2) a technique which does not need a preliminary communication between the sender and the receiver prior to a ciphertext communication. The technique (2), in particular, does not need a preliminary communication, so that its entities are very convenient in use, thus considered as a nucleus for the future cryptosystems.
A cryptosystem according to this technique (2) is called ID-NIKS (ID-based non-interactive key sharing scheme), whereby sharing an encryption key without a preliminary communication is enabled by employing ID information of a communication partner. The ID-NIKS needs not exchange a public key or a secret key between a sender and a receiver nor receive a key list or services from third parties, thus securing safe communications between any given entities.
SAi=Fi({SCi}, {PCi}, h(IDA))
The entity A generates, for communications between itself and another arbitrary entity B, a common key KAB for encryption and decryption with its own secret {SAi}, center public information {PCi} and entity B's ID information h(IDB) of the partner entity B as follows:
KAB=f({SAi}, {PCi}, h(IDB))
The entity B also generates a common key KBA for the entity A similarly. If a relationship of KAB=KBA holds true always, these keys KAB and KBA can be used as the encryption and decryption keys between the entities A and B.
In the above-mentioned public-key cryptosystem, for example, an RSA cryptosystem, its public key measures 10-fold and more as long as the presently used telephone number, thus being very troublesome. To guard against this, in the ID-NIKS, each ID information can be registered in a form of name list to thereby be referenced in generating a common key used between any given entities. Therefore, by safely implementing such an ID-NIKS system as shown in
The ID-NIKS has the following two problems. One is that the center becomes Big Brother (the center holds the secrets of all entities and functions as a Key Escrow System). Another problem is that there is a possibility that, when a certain number of entities collude with each other, they can calculate a secret of the center. While various measures have been taken to prevent the collusion problem in terms of quantity of calculation, it is difficult to completely solve this problem.
The cause of the difficulty in solving this collusion problem is that secret parameters based on identification information (ID information) have the dual structure consisting of a center secret and a private secret. In the ID-NIKS, a cryptosystem consists of a publicized parameter of the center, publicized identification information. (ID information) of an individual and this two kinds of secret parameters, and it is necessary to design the cryptosystem so that, even when entities show each other their private secrets distributed to them, the center secret is not revealed. Thus, for the realization of such a cryptosystem, there are many problems to be solved.
Then, the present inventors have proposed a secret key generating method, an encryption method and a cryptographic communication method (hereinafter referred to as the “prior example”) based on the ID-NIKS, which can minimize the mathematical structure, avoid the collusion problem and readily construct the cryptosystem by dividing the identification information (ID information) into some blocks and distributing all secret keys based on the divided information (ID information) from a plurality of centers to an entity.
The reason why various types of cryptosystem based on the identification information (ID information) of an entity, which were proposed to solve the collusion problem, did not succeed was that the measures taken to prevent the center secret from being calculated from collusion information of the entities depended excessively on the mathematical structure. When the mathematical structure is too complicated, a method for verifying security also becomes difficult. Therefore, in the proposed method of the prior example, the identification information (ID information) of an entity is divided into some blocks and all the secret keys for the respective divided identification information (ID information) are distributed to the entity, thereby minimizing the mathematical structure.
In the prior example, a plurality of reliable centers are provided, and the centers generate secret keys having no mathematical structure and corresponding to the respective divided identification information (ID information) of each entity, and send the secret keys to each entity. Each entity generates a common key from the secret keys sent from the respective centers and the publicized identification information (ID information) of the communicating party, without preliminary communication. Therefore, a single center can never hold the secrets of all entities, and each center can never become Big Brother.
Moreover, the present inventors are pursuing their research to improve such a prior example and to construct a cryptographic communication system adopting the prior example. In such a cryptographic communication system, the security can be improved by increasing the number of the centers. It is thus supposed that a new center will frequently be added to a cryptographic communication system which is actually constructed by a certain number of centers.
Whenever a new center is caused to additionally participate in the cryptographic communication system, a new hash value must be set for each of the existing centers and the new center to construct a new overall hash function system, and thus changing of the overall system is unavoidable. In order to cope with the addition of a new center without changing the overall system, the following measures can be taken: each center publicizing its own hash function; and presetting a hash function of a sufficiently long bit length. In the former measure, however, it is not easy for each entity to incorporate a new hash function into its key sharing software. The latter measure poses a problem that, even if a hash function of a tremendously long bit length is prepared, the number of centers to be added is limited.
An object of the present invention is to provide a secret key generating method, encryption method, cryptographic communication method and cryptographic communication system, which do not require changing of the hash values of the existing key generating agencies (centers) even when a new key generating agency (center) is added and can readily add a number of new key generating agencies (centers) while improving the security, and to provide a memory product/data signal embodied in carrier wave for recording/transferring an operation program of this secret key generating method.
In the present invention, when generating secret keys of an entity at a plurality of key generating agencies (centers), respectively, by using respective divided identification information obtained by dividing the identification information of the entity into a plurality of blocks and hash values, each consisting of a plurality of bits, set for each of the key generating agencies (centers), a plurality of bits of any order are selected for each of the key generating agencies(centers) from a predetermined sequence of a plurality of bits so as to set the hash value for each of the key generating agencies (centers).
In the present invention, a plurality of bits of any order are selected for each key generating agency (center) from an original hash-value sequence consisting of a predetermined sequence of a plurality of bits, and the selected plurality of bits are set as a hash value for each key generating agency (center). Accordingly, even when a hash value consisting of a plurality of bits is set for each of existing key generating agencies (centers), a hash value different from the hash values of the existing key generating agencies (centers) can be set for a new key generating agency (center), without changing the hash values of the existing key generating agencies (centers), by using a plurality of bits selected from the original hash-value sequence. It is therefore possible to readily add a number of new key generating agencies (centers) to a cryptographic communication system based on the ID-NIKS, without changing the hash values of the existing key generating agencies (centers).
The above and further objects and features of the invention will more fully be apparent from the following detailed description with accompanying drawings.
The present invention will be described in detail below with reference to the drawings illustrating the embodiment thereof.
Each of these centers 1 is connected to a plurality of entities a, b, . . . , z as the users of this cryptographic communication system via communication channels 2a1, . . . , 2aJ, 2b1, . . . , 2bJ, . . . ,2z1, . . . , 2zJ, and the secret keys of the respective entities are sent from the centers 1 to the entities a, b, . . . , z via these communication channels, respectively. Moreover, communication channels 3ab, 3az, 3bz, . . . are provided between two entities so that a ciphertext obtained by encrypting communication information is transmitted between the respective entities via the communication channels 3ab, 3az, 3bz, . . . .
Let an ID vector as the identification information showing the name and address of each entity be an L-dimensional binary vector, and, as shown in
(Preliminary Process at Center 1)
The centers 1 prepare the following public keys and secret keys, and publicize the public keys.
Public key P A large prime number.
The centers 1 requested by the entity i to register the entity i calculate J secret key vectors sij (j=1, 2, . . . , J) corresponding to the prepared keys and J ID division vectors of the entity i according to equations (2-1), (2-2), . . . , (2-J) below and send the calculated vectors sij in secrecy to complete the registration.
However, if g is a scalar and A and B are matrices, B=gA represents raising g to the power of each component (μ, υ) of A. Specifically, it is written as shown by equation (3). Moreover, Hj [vector Iij] denotes the vector of one row corresponding to the vector Iij extracted from the symmetric matrix Hj, and the operation of [•] is defined as reference.
Bμν=gAμν (3)
(Process of Generating Common Key between Entities)
The entity i selects from its own secret key vector si1 a vector si1 [vector Im1] as a component corresponding to a vector Im1 as an ID division vector of an entity m, and also selects from its own secret key vector sij a vector sij [vector Imj] as a component corresponding to a vector Imj for each block, where j=2, . . . , J. Then, in modulo P, with the vector si1 [vector Im1] as the base, it is raised sequentially to the power of every remaining vector Sij [vector Imj] (j=2, . . . , J) to generate a common key Kim. Specifically, the arithmetic operation for generating this common key Kim is equation (4), and this common key Kim is identical with a common key Kmi calculated from the entity m.
Next, the following description will explain information communication between entities according to the above-described cryptosystem.
The j-th (j=1, 2, . . . , J) center 1 is provided with a secret key generator 1a for calculating the vectors saj, sbj (secret keys) of the entities a and b according to equation (2-j) shown above. Upon a request for registration from each of the entities a and b, the secret key vectors saj, sbj of the entities a and b are sent to the entities a and b, respectively.
The entity a is provided with a memory 10 storing the secret key vectors sa1, . . . , saj, . . . , saJ sent from the J centers 1 in table form; a component selector 11 for selecting from these secret key vectors the vector sa1 [vector Ib1], . . . , vector saj [vector Ibj], . . . , vector saJ [vector IbJ] as the components corresponding to the entity b; a common key generator 12 for generating a common key Kab desired by the entity a for use with the entity b by using these selected components; and an encryptor 13 for encrypting the plaintext (message) M into the ciphertext C by using the common key Kab and for outputting the ciphertext C to a communication channel 30.
Meanwhile, the entity b is provided with a memory 20 storing the secret key vectors sb1, . . . , sbj, . . . , sbJ sent from the respective centers 1 in table form; a component selector 21 for selecting from these secret key vectors the vector sb1 [vector Ia1], . . . , vector sbj [vector Iaj], . . . , vector sbJ [vector IaJ] as the components corresponding to the entity a; a common key generator 22 for generating a common key Kba desired by the entity b for use with the entity a by using these selected components; and a decryptor 23 for decrypting the ciphertext C input from the communication channel 30 into the plaintext (message) M by using the common key Kba and for outputting the plaintext (message) M.
For the transmission of information from the entity a to the entity b, first, the secret key vectors sa1, sa2, . . . , saJ which were calculated at the respective centers 1 according to equations (2-1), (2-2), . . . (2-J) and stored in the memory 10 in advance are read into the component selector 11. Then, the vector sa1 [vector Ib1], vector sa2 [vector Ib2], . . . , vector saJ [vector IbJ] as the components corresponding to the entity b are selected by the component selector 11 and sent to the common key generator 12. In the common key generator 12, the common key kab is calculated according to equation (4) by using these components, and sent to the encryptor 13. In the encryptor 13, the plaintext (message) M is encrypted into the ciphertext C by using this common key Kab, and the ciphertext C is transmitted via the communication channel 30.
The ciphertext C transmitted via the communication channel 30 is input to the decryptor 23 of the entity b. The secret key vectors sb1, sb2, . . . , sbJ which were calculated at the respective centers 1 according to equations (2-1), (2-2), . . . (2-J) and stored in the memory 20 in advance are read into the component selector 21. In the component selector 21, the vector sb1 [vector Ia1], vector sb2 [vector Ia2], . . . , vector sbJ [vector IaJ] as the components corresponding to the entity a are selected, and sent to the common key generator 22. In the common key generator 22, the common key Kba is calculated according to equation (4) by using these components, and then sent to the decryptor 23. In the decryptor 23, the ciphertext C is decrypted into the plaintext (message) M by using this common key Kba.
Here, the following description will explain setting of a hash value at each center 1, which is a characteristic feature of the present invention. In the following example, four (J=4) centers 1 already exist in a cryptographic communication system as shown in
For example, in the case where four new centers 1 are added, new hash values, each consisting of 10 bits, are to be set. According to a conventional technique, a new hash function system of 80 bits is constructed for a total of eight centers 1. In this case, therefore, the hash values of the existing centers 1 are changed. Hence, with the conventional technique, a time-consuming process of setting a hash value must be performed whenever a new center is added to the cryptographic communication system.
In the present invention, new hash values are set for the added centers 1, respectively, in the following manner. Let a data sequence consisting of a sequence of the hash values of the respective existing four centers 1 be a predetermined original hash-value sequence of 40 bits (for example, a hash value of the first center 1 consists of the first to tenth bits, a hash value of the second center 1 consists of the eleventh to twentieth bits, a hash value of the third center 1 consists of the twenty-first to thirtieth bits, and a hash value of the fourth center 1 consists of the thirty-first to fortieth bits). For each new center 1, ten bits of any order are selected from the predetermined original hash-value sequence of 40 bits so that the combination of the selected ten bits is not identical with the combinations of the bits of the existing centers 1, and the selected bits are set as a hash value of each new center 1. For instance, the first, third, eighth, tenth, sixteenth, twenty-first, twenty-second, twenty-seventh, thirty-third and thirty-fifth bits are selected from this 40-bit original hash-value sequence and set as the hash value of one new center 1. There are 40C10 patterns for such selection of bits, and thus the present invention can cope with the addition of an extremely large number of centers 1.
Accordingly, the present invention can set hash values for the newly added four centers 1 without changing the hash values of the existing four centers 1. Even when a new center 1 is added, there is no need to redesign the hash function system. It is therefore possible to add a number of new centers 1 very easily while enhancing the security.
In
A memory product 42 provided inside the computer 40 is implemented using, for example, a hard disk drive or a ROM installed in the computer 40, and a program 42a as mentioned above is recorded on the memory product 42. The program 42a read from the memory product 42 controls the computer 40 so as to generate a secret key of each entity at each center 1.
A memory product 43 used by being loaded into a disk drive 40a installed in the computer 40 is implemented using, for example, a removable magneto-optical disk, CD-ROM, flexible disk or the like, and a program 43a as mentioned above is recorded on the memory product 43. The program 43a read from the memory product 43 controls the computer 40a so as to generate a secret key of each entity at each center 1.
As described in detail above, in the present invention, since a hash value is set for each center by selecting a plurality of bits of any order for each center from a predetermined sequence of a plurality of bits, it is possible to simply set a hash value different from those of the existing centers for a new center without changing the hash values of the existing centers and to readily add a number of new centers to a cryptographic communication system based on the ID-NIKS.
As this invention may be implemented in several forms without departing from the spirit of essential characteristics thereof, the present embodiment is therefore illustrative and not restrictive, since the scope of the invention is defined by the appended claims rather than by the description preceding them, and all changes that fall within metes and bounds of the claims, or equivalence of such metes and bounds thereof are therefore intended to be embraced by the claims.
Patent | Priority | Assignee | Title |
7739501, | Jul 29 2004 | LIGHTBURN, JAMES G | Cryptographic key construct |
7813510, | Feb 28 2005 | MOTOROLA SOLUTIONS, INC | Key management for group communications |
7853018, | Nov 10 2005 | ARXAN TECHNOLOGIES, INC | Method and apparatus for hiding a private key |
Patent | Priority | Assignee | Title |
4760600, | Feb 13 1987 | Oki Electric Industry Co., Ltd. | Cipher system |
5016276, | Jul 31 1986 | Kabushiki Kaisha Advance | Common cryptokey generation system and communication system using common cryptokeys |
5251258, | Mar 05 1991 | NEC Corporation | Key distribution system for distributing a cipher key between two subsystems by one-way communication |
5966449, | Dec 22 1993 | Canon Kabushiki Kaisha | Method and network for communicating between a group of entities a text encrypted using an encryption key intrinsic to the group of entities in a network having a plurality of entities and a center |
6332025, | Mar 10 1997 | Kabushiki Kaisha Toshiba | Software distribution system and software utilization scheme for improving security and user convenience |
6658114, | May 31 1999 | A10 Networks, Inc | Key management method |
JP10164045, | |||
JP10210024, | |||
JP11163850, | |||
JP2000165374, | |||
JP7013485, | |||
JP7046234, | |||
JP7175411, | |||
JP8297467, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Jan 05 2001 | MURAKAMI, YASUYUKI | Murata Kikai Kabushiki Kaisha | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 011479 | /0843 | |
Jan 05 2001 | MURAKAMI, YASUYUKI | Masao Kasahara | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 011479 | /0843 | |
Jan 23 2001 | Murata Kikai Kabushiki Kaisha | (assignment on the face of the patent) | / | |||
Jan 23 2001 | Masao, Kasahara | (assignment on the face of the patent) | / |
Date | Maintenance Fee Events |
Dec 19 2008 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
Nov 09 2012 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Feb 03 2017 | REM: Maintenance Fee Reminder Mailed. |
Jun 28 2017 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Date | Maintenance Schedule |
Jun 28 2008 | 4 years fee payment window open |
Dec 28 2008 | 6 months grace period start (w surcharge) |
Jun 28 2009 | patent expiry (for year 4) |
Jun 28 2011 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jun 28 2012 | 8 years fee payment window open |
Dec 28 2012 | 6 months grace period start (w surcharge) |
Jun 28 2013 | patent expiry (for year 8) |
Jun 28 2015 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jun 28 2016 | 12 years fee payment window open |
Dec 28 2016 | 6 months grace period start (w surcharge) |
Jun 28 2017 | patent expiry (for year 12) |
Jun 28 2019 | 2 years to revive unintentionally abandoned end. (for year 12) |